Conference Notes and Best Practices Release 1.3 ... - Read the Docs

More documents

Recommendations

Info

Conference Notes and Best Practices, Release 1.3 Terminology • Advisory • Low • Medium • High • Critical Advisory • Issues that the security team wishes to communicate but carry no specific required action. • May contain recommended actions, but no specific response is required. Low • Issues that are expected to be resolved, but have low risk, or low consequences. Should not interrupt day to day operations. Medium • Carry some risk, but have low impact. May have someone work on. High • Carry substantial risk, publicly disclosed issues. Will probably interrupt several developers from multiple teams. Critical • Threaten the integrity of the company. Great financial risk or otherwise “sky is falling” level issues. • “All hands on deck” Assessment • Start with OWASP for risk rating • Risk = Likelihood x Impact • How likely is that this issue will be discovered and exploited? Examples of Vulnerabilities • http://bit.ly/13ds9X0 (PostgreSQL) • Likelyhood: threat agent • Calculate Threat • Calculate your impact • Matrix of likelyhood and impact • This case came out to High level. 34 Chapter 3. Conferences
Conference Notes and Best Practices, Release 1.3 Transactions for Web Developers Presenter: Aymeric Augustin Track: I Description: Django has since long outgrown its roots in publishing. It’s used in enterprise systems, under write-heavy workloads and strong data integrity requirements. But transaction management barely changed since the 0.9x days. Even veterans pull their hair out fighting DatabaseErrors when they use it. At last transaction handling will be overhauled in Django 1.6. How does the new system work, and why? Transaction Management • SQL-92 standard • A transaction is a sequence of SqL statements that is atomic with respect to recovery. • All or nothing. • Lifecycle (Transaction initiating statement -> commit, explicit rollback) SQL-1999 • Save points (Like sub-transactions) • Statements always run in a transactions • Transactions are opened automatically • Transactions are advanced technology. Dreaded Error • Current Transaction is aborted, commands ignored until end of transaction block • Means - A previous statement failed, the application must perform a rollback • Recovery must be done in the application (Any auto-recovery scheme breaks transactional integrity) Auto Commit • Commit implicitly after each statement. • Wrap each statement in ints own transaction • Just execute my query! • Most databases default to auto commit. Auto Commit in PostgreSQL • Server always auto commit • Client libs can emulate standard behavior • in psql: set autocommit off 3.1. Django Con US 2013 35
Page 1: Conference Notes and Best Practices
Page 5 and 6: Conference Notes and Best Practices
Page 7 and 8: CHAPTER 1 Meetups 1.1 Django Deploy
Page 13 and 14: CHAPTER 2 Notes 2.1 Django Resource
Page 17 and 18: CHAPTER 3 Conferences 3.1 Django Co
Page 37: Conference Notes and Best Practices
Page 89 and 90:
Conference Notes and Best Practices
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
show all

Conference Notes and Best Practices Release 1.3 ... - Read the Docs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?